[PATCH 1/2] RRM: Fix the parsing of the extended request subelement
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Tue Dec 26 05:30:15 PST 2023
From: Ilan Peer <ilan.peer at intel.com>
The extended request element is expected to also include the extended
ID.
Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
wpa_supplicant/rrm.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index 1aa87bb017..ac37c7db48 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -1117,6 +1117,17 @@ static int wpas_rm_handle_beacon_req_subelem(struct wpa_supplicant *wpa_s,
return -1;
}
+ if (sid == WLAN_BEACON_REQUEST_SUBELEM_EXT_REQUEST) {
+ if (slen < 2 || subelem[0] != WLAN_EID_EXTENSION) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid extended request");
+ return -1;
+ }
+
+ subelem++;
+ slen--;
+ }
+
if ((sid == WLAN_BEACON_REQUEST_SUBELEM_REQUEST &&
data->eids) ||
(sid == WLAN_BEACON_REQUEST_SUBELEM_EXT_REQUEST &&
--
2.43.0
More information about the Hostap
mailing list